CISA Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.Y

    7.8

    CVSS31
    CVE-2021-28310 - Microsoft Win32k Privilege Escalation Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Microsoft

    Description : Microsoft Windows Win32k contains an unspecified vulnerability that allows for privilege escalation.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-28310

    Alert Date: Nov 03, 2021 | 1325 days ago

    8.8

    CVSS31
    CVE-2021-26411 - Microsoft Internet Explorer Memory Corruption Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Microsoft

    Description : Microsoft Internet Explorer contains an unspecified vulnerability that allows for memory corruption.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-26411

    Alert Date: Nov 03, 2021 | 1325 days ago

    7.8

    CVSS31
    CVE-2019-0859 - Microsoft Win32k Privilege Escalation Vulnerability -

    Action Due May 03, 2022 Target Vendor : Microsoft

    Description : Microsoft Win32k fails to properly handle objects in memory causing privilege escalation. Successful exploitation allows an attacker to run code in kernel mode.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-0859

    Alert Date: Nov 03, 2021 | 1325 days ago

    8.8

    CVSS31
    CVE-2021-40444 - Microsoft MSHTML Remote Code Execution Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Microsoft

    Description : Microsoft MSHTML contains a unspecified vulnerability that allows for remote code execution.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-40444

    Alert Date: Nov 03, 2021 | 1325 days ago

    7.8

    CVSS31
    CVE-2017-8759 - Microsoft .NET Framework Remote Code Execution Vulnerability -

    Action Due May 03, 2022 Target Vendor : Microsoft

    Description : Microsoft .NET Framework contains a remote code execution vulnerability when processing untrusted input that could allow an attacker to take control of an affected system.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-8759

    Alert Date: Nov 03, 2021 | 1325 days ago

    7.5

    CVSS31
    CVE-2018-8653 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability -

    Action Due May 03, 2022 Target Vendor : Microsoft

    Description : Microsoft Internet Explorer contains a memory corruption vulnerability due to how the Scripting Engine handles objects in memory, leading to remote code execution.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-8653

    Alert Date: Nov 03, 2021 | 1325 days ago

    7.8

    CVSS31
    CVE-2019-0797 - Microsoft Win32k Privilege Escalation Vulnerability -

    Action Due May 03, 2022 Target Vendor : Microsoft

    Description : Microsoft Win32k contains a privilege escalation vulnerability when the Win32k component fails to properly handle objects in memory. Successful exploitation allows an attacker to execute code in kernel mode.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-0797

    Alert Date: Nov 03, 2021 | 1325 days ago

    7.5

    CVSS31
    CVE-2021-36942 - Microsoft Windows Local Security Authority (LSA) Spoofing Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Microsoft

    Description : Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability allowing an unauthenticated attacker to call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-36942

    Alert Date: Nov 03, 2021 | 1325 days ago

    7.8

    CVSS31
    CVE-2019-1215 - Microsoft Windows Privilege Escalation Vulnerability -

    Action Due May 03, 2022 Target Vendor : Microsoft

    Description : Microsoft Windows contains an unspecified vulnerability due to the way ws2ifsl.sys (Winsock) handles objects in memory, allowing for privilege escalation. Successful exploitation allows an attacker to execute code with elevated privileges.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-1215

    Alert Date: Nov 03, 2021 | 1325 days ago

    8.8

    CVSS31
    CVE-2018-0798 - Microsoft Office Memory Corruption Vulnerability -

    Action Due May 03, 2022 Target Vendor : Microsoft

    Description : Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code execution in the context of the current user. This vulnerability is known to be chained with CVE-2018-0802.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-0798

    Alert Date: Nov 03, 2021 | 1325 days ago

    7.8

    CVSS31
    CVE-2018-0802 - Microsoft Office Memory Corruption Vulnerability -

    Action Due May 03, 2022 Target Vendor : Microsoft

    Description : Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code execution in the context of the current user. This vulnerability is known to be chained with CVE-2018-0798.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-0802

    Alert Date: Nov 03, 2021 | 1325 days ago

    8.8

    CVSS31
    CVE-2012-0158 - Microsoft MSCOMCTL.OCX Remote Code Execution Vulnerability -

    Action Due May 03, 2022 Target Vendor : Microsoft

    Description : Microsoft MSCOMCTL.OCX contains an unspecified vulnerability that allows for remote code execution, allowing an attacker to take complete control of an affected system under the context of the current user.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2012-0158

    Alert Date: Nov 03, 2021 | 1325 days ago

    7.8

    CVSS31
    CVE-2015-1641 - Microsoft Office Memory Corruption Vulnerability -

    Action Due May 03, 2022 Target Vendor : Microsoft

    Description : Microsoft Office contains a memory corruption vulnerability due to failure to properly handle rich text format files in memory. Successful exploitation allows for remote code execution in the context of the current user.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2015-1641

    Alert Date: Nov 03, 2021 | 1325 days ago

    8.8

    CVSS31
    CVE-2021-27085 - Microsoft Internet Explorer Remote Code Execution Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Microsoft

    Description : Microsoft Internet Explorer contains an unspecified vulnerability that allows for remote code execution.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-27085

    Alert Date: Nov 03, 2021 | 1325 days ago

    8.8

    CVSS31
    CVE-2019-0541 - Microsoft MSHTML Remote Code Execution Vulnerability -

    Action Due May 03, 2022 Target Vendor : Microsoft

    Description : Microsoft MSHTML engine contains an improper input validation vulnerability that allows for remote code execution vulnerability.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-0541

    Alert Date: Nov 03, 2021 | 1325 days ago

    7.5

    CVSS31
    CVE-2020-0674 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability -

    Action Due May 03, 2022 Target Vendor : Microsoft

    Description : Microsoft Internet Explorer contains a memory corruption vulnerability due to the way the Scripting Engine handles objects in memory. Successful exploitation could allow remote code execution in the context of the current user.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-0674

    Alert Date: Nov 03, 2021 | 1325 days ago

    7.6

    CVSS31
    CVE-2021-27059 - Microsoft Office Remote Code Execution Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Microsoft

    Description : Microsoft Office contains an unspecified vulnerability that allows for remote code execution.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-27059

    Alert Date: Nov 03, 2021 | 1325 days ago

    7.8

    CVSS31
    CVE-2017-0199 - Microsoft Office and WordPad Remote Code Execution Vulnerability -

    Action Due May 03, 2022 Target Vendor : Microsoft

    Description : Microsoft Office and WordPad contain an unspecified vulnerability due to the way the applications parse specially crafted files. Successful exploitation allows for remote code execution.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-0199

    Alert Date: Nov 03, 2021 | 1325 days ago

    8.8

    CVSS31
    CVE-2020-1380 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability -

    Action Due May 03, 2022 Target Vendor : Microsoft

    Description : Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-1380

    Alert Date: Nov 03, 2021 | 1325 days ago

    7.5

    CVSS31
    CVE-2019-1429 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability -

    Action Due May 03, 2022 Target Vendor : Microsoft

    Description : Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-1429

    Alert Date: Nov 03, 2021 | 1325 days ago
Showing 20 of 1370 Results

Filters

© cvefeed.io
Latest DB Update: Jun. 20, 2025 18:40